This document describes how to create and deploy dynamically linked and loaded
applications with the glibc library in the Native Client SDK. Before reading
this document, we recommend reading Building Native Client Modules
C standard libraries: glibc and newlib
The Native Client SDK comes with two C standard libraries — glibc and
newlib. These libraries are described in the table below.
glibc is the GNU implementation of the
POSIX standard runtime library for the C
programming language. Designed for
portability and performance, glibc is one
of the most popular implementations of the
C library. It is comprised of a set of
interdependent libraries including libc,
libpthreads, libdl, and others. For
documentation, FAQs, and additional
information about glibc, see GLIBC
newlib is a C library intended for use in
embedded systems. Like glibc, newlib is a
conglomeration of several library parts.
It is available for use under BSD-type free
software licenses, which generally makes it
more suitable to link statically in
commercial, closed-source applications. For
documentation, FAQs, and additional
information about newlib, see the newlib
For proprietary (closed-source) applications, your options are to either
statically link to newlib, or dynamically link to glibc. We recommend
dynamically linking to glibc, for a couple of reasons:
The glibc library is widely distributed (it’s included in Linux
distributions), and as such it’s mature, hardened, and feature-rich. Your
code is more likely to compile out-of-the-box with glibc.
Dynamic loading can provide a big performance benefit for your application if
you can structure the application to defer loading of code that’s not needed
for initial interaction with the user. It takes some work to put such code in
shared libraries and to load the libraries at runtime, but the payoff is
usually worth it. In future releases, Chrome may also support caching of
common dynamically linked libraries such as libc.so between applications.
This could significantly reduce download size and provide a further potential
performance benefit (for example, the hello_world example would only require
downloading a .nexe file that’s on the order of 30KB, rather than a .nexe
file and several libraries, which are on the order of 1.5MB).
Native Client support for dynamic linking and loading is based on glibc. Thus,
if your Native Client application must dynamically link and load code (e.g.,
due to licensing considerations), we recommend that you use the glibc
The Native Client SDK contains multiple toolchains, which are differentiated by
target architecture and C library:
In the directories listed above, <platform> is the platform of your development
machine (i.e., win, mac, or linux). For example, in the Windows SDK, the x86
toolchain that uses glibc is in toolchain/win_x86_glibc.
To use the glibc library and dynamic linking in your application, you must
use a glibc toolchain. (Currently the only glibc toolchain is
<platform>_x86_glibc.) Note that you must build all code in your application
with one toolchain. Code from multiple toolchains cannot be mixed.
Specifying and delivering shared libraries
One significant difference between newlib and glibc applications is that glibc
applications must explicitly list and deploy the shared libraries that they
In a desktop environment, when the user launches a dynamically linked
application, the operating system’s program loader determines the set of
libraries the application requires by reading explicit inter-module
dependencies from executable file headers, and loads the required libraries
into the address space of the application process. Typically the required
libraries will have been installed on the system as a part of the application’s
installation process. Often the desktop application developer doesn’t know or
think about the libraries that are required by an application, as those details
are taken care of by the user’s operating system.
In the Native Client sandbox, dynamic linking can’t rely in the same way on the
operating system or the local file system. Instead, the application developer
must identify the set of libraries that are required by an application, list
those libraries in a Native Client manifest file, and
deploy the libraries along with the application. Instructions for how to build
a dynamically linked Native Client application, generate a Native Client
manifest (.nmf) file, and deploy an application are provided below.
Building a dynamically linked application
A dynamically linked application typically includes one Native Client module
and one or more shared libraries. (How to allocate code between Native Client
modules and shared libraries is a question of application design that is beyond
the scope of this document.) Each Native Client module and shared library must
be compiled for at least the x86 32-bit and 64-bit architectures.
The dlopen example in the SDK
The Native Client SDK includes an example that demonstrates how to build a
shared library, and how to use the dlopen() interface to load that library
at runtime (after the application is already running). Many applications load
and link shared libraries at launch rather than at runtime, and hence do not
use the dlopen() interface. The SDK example is nevertheless instructive, as
it demonstrates how to build Native Client modules (.nexe files) and shared
libraries (.so files) with the x86 glibc toolchain, and how to generate a
Native Client manifest file for glibc applications.
The SDK example, located in the directory examples/dlopen, includes two C++
This file implements the function Magic8Ball(), which is used to provide
whimsical answers to user questions. The file is compiled into a shared
This file implements the Native Client module, which loads
user input), calls Magic8Ball() to generate answers, and sends messages
Run make in the dlopen directory to see the commands the Makefile executes
to build x86 32-bit and 64-bit .nexe and .so files, and to generate a .nmf
file. These commands are described below.
Building a Native Client module (.nexe file)
The Makefile in the dlopen example builds dlopen.cc into a .nexe file using
the two commands shown below. (For simplicity, the full path to the
compiler/linker is not shown; the tool is located in the bin directory in the
x86 glibc toolchain, e.g. toolchain/win_x86_glibc/bin.)
A few of the flags in these commands are described below:
put the output in file
compile the source file, but do not link it
produce 32-bit code (i.e., code for the x86-32 target architecture)
produce debugging information
use a base optimization level that minimizes compile time
support multithreading with the pthread library
request or supress the specified warning
use the specified library when linking (per C library naming conventions,
the linker uses the file lib*library*.so, or if that file is not available,
lib*library*.a; e.g., -ldl corresponds to libdl.so or libdl.a)
Many of these flags are optional; you need not use all of them to compile and
link your application. For example, you only need to use -ldl if your
application uses the dlopen() interface to open a library at runtime. The
toolchains in the Native Client SDK are based on the gcc compiler; see gcc
command options for a
full description of the gcc flags. For flags that are recommended with Native
Client, see compile flags for different development scenarios.
Note that you can combine the compile and link steps to build a .nexe file
using one command. Simply run i686-nacl-g++ once and use the appropriate
combination of flags (omit the -c flag and include the -l flag with the
(The carat ^ allows the command to span multiple lines on Windows; to do
the same on Mac and Linux use a backslash instead. Or you can simply type the
command and all its arguments on one line.)
The commands above build a 32-bit .nexe. To build a 64-bit .nexe, run the same
commands but with the -m64 flag instead of -m32, and of course specify
different output file names. Check the Makefile in the dlopen example to see
the set of commands that is used to generate 32-bit and 64-bit .nexes.
Building a shared library (.so file)
The Makefile in the dlopen example builds eightball.cc into a .so file using
the two commands shown below.
A couple of the important flags in these commands are described below:
generate position-independent code (PIC) suitable for use in a shared library
(this flag is required for all x86 64-bit modules and for 32-bit shared
produce a shared object that can be linked with other objects to form an
executable (this flag is required for .so files)
As when building a .nexe, you can combine compiling and linking into one step
by running i686-nacl-g++ once with the appropriate combination of flags.
As with .nexes, you need to generate both 32-bit and 64-bit versions of a
shared object – see the dlopen example for an illustration. In the dlopen
example, the shared objects are put into the subdirectories lib32 and
lib64. These directories are used to collect all the shared libraries
needed by the application, as discussed below.
Generating a Native Client manifest file for a dynamically linked application
The Native Client manifest file must specify the full list of executable files
needed by an application, including the recursive closure of shared library
dependencies. Take a look at the manifest file in the dlopen example to see how
a glibc-style manifest file is structured. (Run make in the dlopen directory to
generate the manifest file if you haven’t done so already.) Here is an excerpt
(The carat ^ allows the command to span multiple lines on Windows; to do the
same on Mac and Linux use a backslash instead, or you can simply type the
command and all its arguments on one line. <NACL_SDK_ROOT> represents the path
to the top-level directory of the bundle you are using, e.g.,
Run python create_nmf.py --help to see a description of the command-line
flags. A few of the important flags are described below.
use tool to read information about a file and determine shared library
dependencies (the tool must be a version of the objdump utility)
use directory to stage libraries (libraries are added to lib32 and
add directory to the library search path
As an alternative to using create_nmf.py, you can also chase down the full
list of shared library dependencies manually and add those to your .nmf file.
To do so, start by running the Native Client version of the objdump utility on
your .nexe file, as shown below. (The objdump utility is located in the same
directory as the glibc toolchain, e.g., toolchain/win_x86_glibc/bin.)
i686-nacl-objdump -p dlopen_x86_32.nexe
A .nexe file contains compiled machine code, as well as headers that describe
the contents of the file and information about how to use the file. The objdump
utility lets you examine the file’s headers, including the “Dynamic Section,”
which specifies shared library dependencies, as in this example output from the
All the files that are identified as NEEDED in the “Dynamic Section” portion of
the objdump output are files that you need to list in your Native Client
manifest file and distribute with your application. (The numbers listed at the
end of the file names are version numbers, and you must list and distribute
those exact versions.) Once you’ve identified the shared libraries that are
needed by your .nexe file, you must repeat the process recursively: Run objdump
on each of the NEEDED files, and add the newly-identified NEEDED files to your
manifest file and to your distribution directories. To get the full list of
libraries for an application, repeat the process until you’ve identified the
recursive closure of dependencies.
Deploying a dynamically linked application
As described above, an application’s manifest file must explicitly list all the
executable code modules that the application requires, including modules from
the application itself (.nexe and .so files), modules from the Native Client
SDK (e.g., libppapi_cpp.so), and perhaps also modules from naclports or from middleware systems that the application uses. You must provide all of
those modules as part of the application deployment process.
hosted application: all modules are hosted together on a web server of
packaged application: all modules are packaged into one file, hosted in
the Chrome Web Store, and downloaded to the user’s machine
You must deploy all the modules listed in your application’s manifest file for
either the hosted application or the packaged application case. For hosted
applications, you must upload the modules to your web server. For packaged
applications, you must include the modules in the application’s Chrome Web
Store .crx file. Modules should use URLs/names that are consistent with those
in the Native Client manifest file, and be named relative to the location of
the manifest file. Remember that some of the libraries named in the manifest
file may be located in directories you specified with the -L option to
create_nmf.py. You are free to rename/rearrange files and directories
referenced by the Native Client manifest file, so long as the modules are
available in the locations indicated by the manifest file. If you move or
rename modules, it may be easier to re-run create_nmf.py to generate a new
manifest file rather than edit the original manifest file. For hosted
applications, you can check for name mismatches during testing by watching the
request log of the web server hosting your test deployment.
Opening a shared library at runtime
Native Client supports a version of the POSIX standard dlopen() interface
for opening libraries explicitly, after an application is already running.
Calling dlopen() may cause a library download to occur, and automatically
loads all libraries that are required by the named library.
The best practice for opening libraries with dlopen() is to use a worker
thread to pre-load libraries asynchronously during initialization of your
application, so that the libraries are available when they’re needed. You can
call dlopen() a second time when you need to use a library – per the
specification, subsequent calls to dlopen() return a handle to the
previously loaded library. Note that you should only call dlclose() to close a
library when you no longer need the library; otherwise, subsequent calls to
dlopen() could cause the library to be fetched again.
The dlopen example in the SDK demonstrates how to open a shared library,
magiceightball.so, at runtime. To reiterate, the example includes two C++
eightball.cc: this is the shared library that implements the function
Magic8Ball() (this file is compiled into libeightball.so)
dlopen.cc: this is the Native Client module that loads libeightball.so
and calls Magic8Ball() to generate answers (this file is compiled into
When the Native Client module starts, it kicks off a worker thread that calls
dlopen() to load magiceightball.so. When the download of
libeightball.so completes, the worker thread schedules a callback function
on the main thread. The callback function calls dlopen() for
magiceightball.so a second time; this second call obtains a proper handle
to the library. Once the module has a handle to the library, it grabs the entry
point in libeightball.so for the Magic8Ball() function. When a user types
in a query and clicks the ‘ASK!’ button, the module calls Magic8Ball() to
generate an answer, and returns the result to the user.
The sequence of calls in the dlopen module is illustrated by the pseudo-code in
the table below:
If your .nexe isn’t loading, the best place to look for information that can
help you troubleshoot the problem is stdout and nacllog. See the Debugging page
for instructions about how to access those streams.
Here are a few common error messages and explanations of what they mean:
/main.nexe: error while loading shared libraries: /main.nexe: failed to allocate code and data space for executable
The .nexe may not have been compiled correctly (e.g., the .nexe may be
statically linked). Try cleaning and recompiling with the glibc toolchain.
/main.nexe: error while loading shared libraries: libpthread.so.xxxx: cannot open shared object file: Permission denied
(xxxx is a version number, for example, 5055067a.) This error can result from
having the wrong path in the .nmf file. Double-check that the path in the
.nmf file is correct.
/main.nexe: error while loading shared libraries: /main.nexe: cannot open shared object file: No such file or directory
If there are no obvious problems with your main.nexe entry in the .nmf file,
check where main.nexe is being requested from. Use Chrome’s Developer Tools:
Click the menu icon , select Tools > Developer Tools, click the
Network tab, and look at the path in the Name column.
This error happens when using a newlib-style .nmf file instead of a
glibc-style .nmf file. Make sure you build your application with the glic
toolchain, and use the create_nmf.py script to generate your .nmf file.
NativeClient: NaCl module load failed: Nexe crashed during startup
This error message indicates that a module crashed while being loaded. You
can determine which module crashed by looking at the Network tab in Chrome’s
Developer Tools (see above). The module that crashed will be the last one
that was loaded.
/lib/main.nexe: error while loading shared libraries: /lib/main.nexe: only ET_DYN and ET_EXEC can be loaded
This error message indicates that there is an error with the .so files listed
in the .nmf file – either the files are the wrong type or kind, or an
expected library is missing.
undefined reference to ‘dlopen’ collect2: ld returned 1 exit status
This is a linker ordering problem that usually results from improper ordering
of command line flags when linking. Reconfigure your command line string to
list libraries after the -o flag.